Privacy Policy

1. Who We Are

TAKE INTEREST Inc. ("TAKE INTEREST," "we," "our," or "us") operates the products and services described below. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services, including the Take Interest workspace, GuardClaw security platform, and our website at takeinterest.ai (collectively, the "Services").

2. Information We Collect

2.1 Information You Provide

Account Information: When you create an account, we collect your email address and authentication credentials. Authentication may use Firebase Authentication (Google Identity Platform) or equivalent managed identity services. Multi-factor authentication may be required for specific environments.

User-Generated Content: Content you create within our Services, including decision drafts, strategies, evidence notes, frameworks, and other workspace content. We treat all user-generated content as highly sensitive and private.

Contact Information: When you contact us via our contact form, we collect your name, email address, subject, and message content. The form uses Cloudflare Turnstile for bot verification, which may process your IP address and browser signals to validate the challenge. See Section 6 for details.

2.2 Information Collected Automatically

GuardClaw Telemetry (opt-out): The GuardClaw CLI collects anonymous telemetry by default, including decision counts, threat scores, strictness level, threshold, timing data, platform, and version. No prompts, commands, file paths, or PII are included. You can disable telemetry at any time with guardclaw telemetry disable.

Website and Dashboard Analytics: We use Mixpanel for anonymous analytics on takeinterest.ai and the GuardClaw dashboard. IP tracking is disabled. No personal information is collected through Mixpanel. On the marketing site, analytics load only after you accept the cookie consent banner.

Error Diagnostics: We use Sentry for error reporting with heavy redaction. Default PII sending is disabled. Trace sampling is set to zero. Only crash diagnostics necessary for product stability are collected.

Server Logs: Standard server access logs are collected for security and operational purposes. These logs do not contain user-generated content.

GuardClaw Agent Data: When agent management features are enabled, we collect agent identifiers, hostname, operating system, software version, heartbeat timestamps, CPU and memory usage metrics, runtime duration, anomaly scores, and agent control event logs (including actor IP addresses for audit purposes).

2.3 How We Do Not Use Your Information

We do not use tracking pixels or advertising cookies. We do not sell, rent, or share your personal information with advertisers.

2.4 Model Training and System Improvement

We may use data collected through the Services, including de-identified or aggregated User Content, telemetry data, and usage patterns, to improve our systems, train machine learning models, and develop new features. We take steps to de-identify and aggregate data before using it for these purposes. You can opt out of having your content used for model training by contacting us at privacy@takeinterest.ai.

3. How We Use Your Information

We use your information to:

Provide, maintain, and improve our Services. Authenticate your identity and enforce access controls. Communicate with you about your account or our Services. Respond to your inquiries and support requests. Detect, prevent, and address security threats and abuse. Improve our systems and train machine learning models (see Section 2.4). Comply with legal obligations.

4. Data Storage and Security

Infrastructure: All data is stored on Google Cloud Platform (GCP) in the United States. Data is encrypted at rest using Google-managed encryption and in transit using TLS 1.2+.

Sensitive Data Encryption: OAuth tokens and other highly sensitive credentials are encrypted using managed cryptographic controls and secure secret storage.

Access Controls: Backend services use dedicated service accounts with least-privilege permissions. User access controls may include allowlisting, MFA requirements, and server-side token verification where applicable.

Edge Protection: Public endpoints use edge protections such as rate limiting and request filtering to reduce abuse risk.

5. Data Retention

Account Data: Retained for the duration of your account. Deleted within 30 days of account deletion request.

User-Generated Content: Retained for the duration of your account. You may export or delete your content at any time.

GuardClaw Audit Data: All decision receipts are stored indefinitely. Access is limited by plan: Free (1,000 most recent receipts per workspace), Pro (100,000), Ultimate (500,000). Usage events are retained for operational purposes.

Server Logs: Retained for up to 90 days for security and operational purposes.

Contact Form Submissions: Retained for up to 180 days or until the inquiry is resolved, whichever comes first. Submissions are automatically deleted after the retention period.

6. Third-Party Services

We use the following third-party services as part of our infrastructure:

Google Cloud Platform: Cloud infrastructure, hosting, and authentication. Subject to Google Cloud's Data Processing Terms.

Firebase: Authentication and web hosting. Subject to Firebase Terms of Service.

Stripe: Payment processing (when enabled). Subject to Stripe's Privacy Policy. We do not store credit card numbers on our servers.

Cloudflare: DNS, edge network, and bot verification (Turnstile) for the contact form. Turnstile processes IP addresses and browser signals to distinguish humans from bots. Subject to Cloudflare's Privacy Policy.

Sentry: Error monitoring with heavily redacted data. No PII is transmitted.

Mixpanel: Anonymous analytics for the website and GuardClaw dashboard. IP tracking is disabled. No PII is collected.

We do not share user-generated content with any third-party service for their independent use. For our own model training and system improvement, see Section 2.4.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

Access: Request a copy of the personal information we hold about you.

Correction: Request correction of inaccurate personal information.

Deletion: Request deletion of your personal information and account.

Export: Request an export of your data in a portable format.

Restriction: Request restriction of processing of your personal information.

Objection: Object to processing of your personal information.

To exercise any of these rights, contact us at privacy@takeinterest.ai. We will respond within 30 days.

8. International Data Transfers

Our Services are hosted in the United States. If you access our Services from outside the United States, your information will be transferred to, stored, and processed in the United States. We implement appropriate safeguards for international data transfers in compliance with applicable data protection laws.

9. Children's Privacy

Our Services are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

10. California Privacy Rights (CCPA)

If you are a California resident, you have the right to: know what personal information we collect, request deletion of your personal information, opt out of the sale of personal information (we do not sell personal information), and not be discriminated against for exercising your privacy rights.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area, United Kingdom, or Switzerland, our legal basis for processing your personal information is: contractual necessity (to provide our Services), legitimate interests (security, fraud prevention, service improvement), consent (where required), and legal obligation (compliance with applicable laws). You have additional rights under GDPR including data portability and the right to lodge a complaint with a supervisory authority.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of our Services after the effective date of changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or our privacy practices, contact us at:

TAKE INTEREST Inc.
Email: privacy@takeinterest.ai